Mageia 7: MGASA-2019-0346 Moderate: DjVuLibre DoS Threats
mageia
November 30, 2019
The updated packages fix security vulnerabilities: In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows attackers to cause a denial-of-service (application crash i...
Summary
The updated packages fix security vulnerabilities:
In DjVuLibre 3.5.27, DjVmDir.cpp in the DJVU reader component allows
attackers to cause a denial-of-service (application crash in
GStringRep::strdup in libdjvu/GString.cpp caused by a heap-based buffer
over-read) by crafting a DJVU file. (CVE-2019-15142)
In DjVuLibre 3.5.27, the bitmap reader component allows attackers to
cause a denial-of-service error (resource exhaustion caused by a
GBitmap::read_rle_raw infinite loop) by crafting a corrupted image file,
related to libdjvu/DjVmDir.cpp and libdjvu/GBitmap.cpp. (CVE-2019-15143)
In DjVuLibre 3.5.27, the sorting functionality (aka
GArrayTemplate
DjVuLibre 3.5.27 allows attackers to cause a denial-of-service attack
(application crash via an out-of-bounds read) by crafting a corrupted JB2
ima...
References
- https://bugs.mageia.org/show_bug.cgi?id=25730
- https://ubuntu.com/security/notices/USN-4198-1
- https://www.cve.org/CVERecord?id=CVE-2019-15142
- https://www.cve.org/CVERecord?id=CVE-2019-15143
- https://www.cve.org/CVERecord?id=CVE-2019-15144
- https://www.cve.org/CVERecord?id=CVE-2019-15145
- https://www.cve.org/CVERecord?id=CVE-2019-18804
Topics Covered
Resolution
SRPMS
- 7/core/djvulibre-3.5.27-5.1.mga7
PREVIOUS
NEXT
Publication date: 30 Nov 2019
URL: https://advisories.mageia.org/MGASA-2019-0346.html
Type: security
CVE: CVE-2019-15142,
CVE-2019-15143,
CVE-2019-15144,
CVE-2019-15145,
CVE-2019-18804
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!